From eb6addd0349565de2b05a755f965536cc35dcfad Mon Sep 17 00:00:00 2001
From: zhanshi <zhanshi@os31.xyz>
Date: Sat, 8 Feb 2025 12:24:20 +0100
Subject: [PATCH] watch me smash my head on the keyboard

---
 dockerfile | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/dockerfile b/dockerfile
index 089d9a8..74d9e52 100644
--- a/dockerfile
+++ b/dockerfile
@@ -13,13 +13,17 @@ RUN go mod tidy && go build -o codex-server
 # create a smaller final image  
 FROM alpine:latest  
 
-WORKDIR /root/  
+WORKDIR /app  
 
 # copy the built binary from the builder stage  
 COPY --from=builder /app/codex-server .  
 
+# set a non-root user for security  
+RUN addgroup -S appgroup && adduser -S appuser -G appgroup  
+USER appuser  
+
 # expose the port (match your go server's listening port)  
 EXPOSE 61594  
 
 # run the go server  
-CMD ["./codex-server"]
\ No newline at end of file
+ENTRYPOINT ["./codex-server"]